Re: Feature request: psql --idle

From: Michael Nolan <htfoot(at)gmail(dot)com>
To: Wiwwo Staff <wiwwo(at)wiwwo(dot)com>
Cc: "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Feature request: psql --idle
Date: 2022-07-27 15:48:41
Message-ID: CAOzAqu+b-GmKrRhoOz4xmwYeGzCtZGyLkC4bZ371Em7UWNXfdw@mail.gmail.com
Lists: pgsql-general

On Wed, Jul 27, 2022 at 7:50 AM Wiwwo Staff <wiwwo(at)wiwwo(dot)com> wrote:

> Since changing pg_hba.conf file to give users access involves the restart
> of server, many companies I work(ed) use a bastion host, where users ssh
> to, and are allowed "somehow" use postgresql.
>
> Still, those users need some login shell.
>
>
No, they don't need login shells. You can set up an SSH tunnel to the
bastion server on the user's system that in turn sets up a tunnel to the
database server on the bastion server.

Something like this:
ssh -f -N user@bastion -L XXXX:dbserver:YYYY

So when the user connects to port XXXX on the local server it tunnels
through to port YYYY on the dbserver through the bastion server.

This way you can limit who has access to the bastion server, and you can
set the PostgreSQL server to accept (only) the IP address of the bastion
server. We use this to access a database on an RDS server at AWS from a
server at a different data center.
--
Mike Nolan
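
A bastion-side and database-side configuration for the tunnel-only setup described in the message above, as an added example that is not part of the original post. The group name dbtunnel, the database name appdb, the address 192.0.2.10 and port 5432 (standing in for YYYY) are assumptions, and the pg_hba.conf part assumes a self-managed PostgreSQL server.

```conf
# --- /etc/ssh/sshd_config on the bastion (added example) ---
# "dbtunnel" is a hypothetical group for users who may only forward to the database.
Match Group dbtunnel
    # Allow only client-initiated (-L) forwards.
    AllowTcpForwarding local
    # Restrict forward destinations to the database endpoint. sshd compares the
    # destination string the client requests literally (no DNS lookup), so the
    # client must ask for "dbserver". 5432 is assumed here in place of YYYY.
    PermitOpen dbserver:5432
    # No interactive session: no TTY, no agent or X11 forwarding, no tun devices.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    # Any request for a shell or command runs nologin instead.
    # "ssh -N" never requests a session, so the tunnel itself is unaffected.
    ForceCommand /usr/sbin/nologin

# --- pg_hba.conf on the database server (added example) ---
# TYPE  DATABASE  USER  ADDRESS        METHOD
# 192.0.2.10 is a constructed placeholder for the bastion's address.
host    appdb     all   192.0.2.10/32  scram-sha-256
# Refuse every other TCP client explicitly (first matching line wins).
host    all       all   0.0.0.0/0      reject
host    all       all   ::/0           reject
```

With this in place every connection reaches PostgreSQL from the bastion's address, so per-user accountability rests on individual database roles and on the bastion's sshd logs.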
